SlideShare ist ein Scribd-Unternehmen logo

Playing Hide-and-Seek: An Abstract Game for Cyber Security

Martin Chapman
Martin Chapman

1. The document proposes using a simple game of hide-and-seek to abstractly model cybersecurity problems. 2. It explores strategies for hiders and seekers in this game, finding that hiders can favor some locations significantly before their behavior becomes exploitable. It also finds little benefit to seekers conducting a partial search based on probability information. 3. Further work is suggested to model more complex hider and seeker behaviors, topologies, and the ability of agents to change strategies dynamically.

Wissenschaft
1 von 76
Downloaden Sie, um offline zu lesen
PlayingHide-And-Seek: An Abstract Game for Cyber Security 1 Martin Chapman Gareth Tyson Simon Parsons Michael Luck Peter McBurney
2
3
Issue:The complexity of research at the intersection of ABM and Cyber Security 3
4
4
4
5
6
6
? ? ? ? ? ? ? ? ? ? 6
? ? ? ? ? ? ? ? ? ? 6
7
8
8
? ? ? ? ? ? ? ? ? ? 8
Claim: A number of different Cyber Security problems can be abstracted to a simple game of ‘Hide-And-Seek’ 9
Claim: A number of different Cyber Security problems can be abstracted to a simple game of ‘Hide-And-Seek’ . . . therefore . . . We are motivated to explore strategies for seeking (and, ultimately, hiding) in this game. 9
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... 10 What is the structure of a H&S game?
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... 10 What is the structure of a H&S game?
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Assuming no knowledge of an opponent it is intuitive to conceal these objects randomly. Hider Seeker 10
Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... In this instance, the best a seeker can do is conduct a random walk. Hider Seeker 10
Sohowcanwestrategise? 11
Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] 11
Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] - Bug’s in code - Human fallibility - Infrastructure constraints - Perceived ‘secrecy’ of locations 11
Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] - Bug’s in code - Human fallibility - Infrastructure constraints - Perceived ‘secrecy’ of locations Repeatbehaviour 11
Hider Seeker 12
Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 v1 v2 v3 v5v1 v4 v1 v6 v7 12
Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 12
Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 12
Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 v1 12
Seeker 13
Seeker 13
1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deceptionon the part of the hider? 14
1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 14
15‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject
15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject
15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject If it is costly for a Seeker to employ a non-random strategy, does not need to do so below this amount of bias
15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject Hider can afford to favour a node significantly before his behaviour becomes exploitable by the seeker If it is costly for a Seeker to employ a non-random strategy, does not need to do so below this amount of bias
1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 16
1. How hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 16
17 Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects
17 Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
17 Little benefit to conducing a search with only partial knowledge Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
17 Little benefit to conducing a search with only partial knowledge Good news for the hider again: the number of nodes he can be biased towards, as well as the degree, is highLookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
1. How hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 18
1. How hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deceptionon the part of the hider? 18
19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit
19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit When we don’t know the portion of objects which are hidden with bias, difficult to strategise against
19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit When we don’t know the portion of objects which are hidden with bias, difficult to strategise against r is arbitrary; should be symmetrically random
20
1. Results as heuristics; importance of verification 20
1. Results as heuristics; importance of verification 20 2. Impact of parameters
1. Results as heuristics; importance of verification 20 2. Impact of parameters 3. Importance of data-driven simulation
21
1. The performance of both Hiders and Seekers when there are a varying number of items to find. 21
1. The performance of both Hiders and Seekers when there are a varying number of items to find. 21 2. Performance of agents on different topologies (fully connected, so movement not constrained).
22
1. Hiders who are also constrained by the topology. 22
1. Hiders who are also constrained by the topology. 22 2. ‘Intelligent’ hiders who also track seeker’s behaviour, if repetitions exist (i.e. start point).
3. Edge by edge probability scores for boththe Seeker and Hider. 1. Hiders who are also constrained by the topology. 22 2. ‘Intelligent’ hiders who also track seeker’s behaviour, if repetitions exist (i.e. start point).
23
1. Agents with a ‘strategy portfolio’ who are able to switch between these strategies on-the-fly. 23
2. Agents with a self-analysis component, allowing them to judge their own performance, and change strategy as appropriate. 1. Agents with a ‘strategy portfolio’ who are able to switch between these strategies on-the-fly. 23
PlayingHide-And-Seek: An Abstract Game for Cyber Security 24 martin.chapman@kcl.ac.uk www.martin-chapman.com

Empfohlen

Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
HITCON GIRLS
 
Game theory for neural networks
Game theory for neural networksGame theory for neural networks
Game theory for neural networks
David Balduzzi
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Hacking on and off screen
Hacking on and off screenHacking on and off screen
Hacking on and off screen
ITrust - Cybersecurity as a Service
 
Principles of Health Informatics: Artificial intelligence and machine learning
Principles of Health Informatics: Artificial intelligence and machine learningPrinciples of Health Informatics: Artificial intelligence and machine learning
Principles of Health Informatics: Artificial intelligence and machine learning
Martin Chapman
 
Principles of Health Informatics: Clinical decision support systems
Principles of Health Informatics: Clinical decision support systemsPrinciples of Health Informatics: Clinical decision support systems
Principles of Health Informatics: Clinical decision support systems
Martin Chapman
 
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Martin Chapman
 
Technical Validation through Automated Testing
Technical Validation through Automated TestingTechnical Validation through Automated Testing
Technical Validation through Automated Testing
Martin Chapman
 

Empfohlen

Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
Birds of a Feather 2017: 邀請分享 Place of Attribution in Threat Intelligence - F...
HITCON GIRLS
 
Game theory for neural networks
Game theory for neural networksGame theory for neural networks
Game theory for neural networks
David Balduzzi
 
The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?The Heatmap
 - Why is Security Visualization so Hard?
The Heatmap
 - Why is Security Visualization so Hard?
Raffael Marty
 
Hacking on and off screen
Hacking on and off screenHacking on and off screen
Hacking on and off screen
ITrust - Cybersecurity as a Service
 
Principles of Health Informatics: Artificial intelligence and machine learning
Principles of Health Informatics: Artificial intelligence and machine learningPrinciples of Health Informatics: Artificial intelligence and machine learning
Principles of Health Informatics: Artificial intelligence and machine learning
Martin Chapman
 
Principles of Health Informatics: Clinical decision support systems
Principles of Health Informatics: Clinical decision support systemsPrinciples of Health Informatics: Clinical decision support systems
Principles of Health Informatics: Clinical decision support systems
Martin Chapman
 
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Mechanisms for Integrating Real Data into Search Game Simulations: An Applica...
Martin Chapman
 
Technical Validation through Automated Testing
Technical Validation through Automated TestingTechnical Validation through Automated Testing
Technical Validation through Automated Testing
Martin Chapman
 
Scalable architectures for phenotype libraries
Scalable architectures for phenotype librariesScalable architectures for phenotype libraries
Scalable architectures for phenotype libraries
Martin Chapman
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
Martin Chapman
 
Using AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patientsUsing AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patients
Martin Chapman
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
Martin Chapman
 
Principles of Health Informatics: Evaluating medical software
Principles of Health Informatics: Evaluating medical softwarePrinciples of Health Informatics: Evaluating medical software
Principles of Health Informatics: Evaluating medical software
Martin Chapman
 
Principles of Health Informatics: Usability of medical software
Principles of Health Informatics: Usability of medical softwarePrinciples of Health Informatics: Usability of medical software
Principles of Health Informatics: Usability of medical software
Martin Chapman
 
Principles of Health Informatics: Social networks, telehealth, and mobile health
Principles of Health Informatics: Social networks, telehealth, and mobile healthPrinciples of Health Informatics: Social networks, telehealth, and mobile health
Principles of Health Informatics: Social networks, telehealth, and mobile health
Martin Chapman
 
Principles of Health Informatics: Communication systems in healthcare
Principles of Health Informatics: Communication systems in healthcarePrinciples of Health Informatics: Communication systems in healthcare
Principles of Health Informatics: Communication systems in healthcare
Martin Chapman
 
Principles of Health Informatics: Terminologies and classification systems
Principles of Health Informatics: Terminologies and classification systemsPrinciples of Health Informatics: Terminologies and classification systems
Principles of Health Informatics: Terminologies and classification systems
Martin Chapman
 
Principles of Health Informatics: Representing medical knowledge
Principles of Health Informatics: Representing medical knowledgePrinciples of Health Informatics: Representing medical knowledge
Principles of Health Informatics: Representing medical knowledge
Martin Chapman
 
Principles of Health Informatics: Informatics skills - searching and making d...
Principles of Health Informatics: Informatics skills - searching and making d...Principles of Health Informatics: Informatics skills - searching and making d...
Principles of Health Informatics: Informatics skills - searching and making d...
Martin Chapman
 
Principles of Health Informatics: Informatics skills - communicating, structu...
Principles of Health Informatics: Informatics skills - communicating, structu...Principles of Health Informatics: Informatics skills - communicating, structu...
Principles of Health Informatics: Informatics skills - communicating, structu...
Martin Chapman
 
Principles of Health Informatics: Models, information, and information systems
Principles of Health Informatics: Models, information, and information systemsPrinciples of Health Informatics: Models, information, and information systems
Principles of Health Informatics: Models, information, and information systems
Martin Chapman
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
Martin Chapman
 
Using Microservices to Design Patient-facing Research Software
Using Microservices to Design Patient-facing Research SoftwareUsing Microservices to Design Patient-facing Research Software
Using Microservices to Design Patient-facing Research Software
Martin Chapman
 
Using CWL to support EHR-based phenotyping
Using CWL to support EHR-based phenotypingUsing CWL to support EHR-based phenotyping
Using CWL to support EHR-based phenotyping
Martin Chapman
 
Phenoflow: An Architecture for Computable Phenotypes
Phenoflow: An Architecture for Computable PhenotypesPhenoflow: An Architecture for Computable Phenotypes
Phenoflow: An Architecture for Computable Phenotypes
Martin Chapman
 
Phenoflow 2021
Phenoflow 2021Phenoflow 2021
Phenoflow 2021
Martin Chapman
 
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvItCOVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
Martin Chapman
 
Using computable phenotypes in point of care clinical trial recruitment
Using computable phenotypes in point of care clinical trial recruitmentUsing computable phenotypes in point of care clinical trial recruitment
Using computable phenotypes in point of care clinical trial recruitment
Martin Chapman
 
GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
Areesha Ahmad
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
Poonam Aher Patil
 

Weitere ähnliche Inhalte

Mehr von Martin Chapman

Using AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patientsUsing AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patients
Martin Chapman
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
Martin Chapman
 
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvItCOVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
Martin Chapman
 

Mehr von Martin Chapman (20)

Scalable architectures for phenotype libraries
Scalable architectures for phenotype librariesScalable architectures for phenotype libraries
Scalable architectures for phenotype libraries
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
 
Using AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patientsUsing AI to autonomously identify diseases within groups of patients
Using AI to autonomously identify diseases within groups of patients
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
 
Principles of Health Informatics: Evaluating medical software
Principles of Health Informatics: Evaluating medical softwarePrinciples of Health Informatics: Evaluating medical software
Principles of Health Informatics: Evaluating medical software
 
Principles of Health Informatics: Usability of medical software
Principles of Health Informatics: Usability of medical softwarePrinciples of Health Informatics: Usability of medical software
Principles of Health Informatics: Usability of medical software
 
Principles of Health Informatics: Social networks, telehealth, and mobile health
Principles of Health Informatics: Social networks, telehealth, and mobile healthPrinciples of Health Informatics: Social networks, telehealth, and mobile health
Principles of Health Informatics: Social networks, telehealth, and mobile health
 
Principles of Health Informatics: Communication systems in healthcare
Principles of Health Informatics: Communication systems in healthcarePrinciples of Health Informatics: Communication systems in healthcare
Principles of Health Informatics: Communication systems in healthcare
 
Principles of Health Informatics: Terminologies and classification systems
Principles of Health Informatics: Terminologies and classification systemsPrinciples of Health Informatics: Terminologies and classification systems
Principles of Health Informatics: Terminologies and classification systems
 
Principles of Health Informatics: Representing medical knowledge
Principles of Health Informatics: Representing medical knowledgePrinciples of Health Informatics: Representing medical knowledge
Principles of Health Informatics: Representing medical knowledge
 
Principles of Health Informatics: Informatics skills - searching and making d...
Principles of Health Informatics: Informatics skills - searching and making d...Principles of Health Informatics: Informatics skills - searching and making d...
Principles of Health Informatics: Informatics skills - searching and making d...
 
Principles of Health Informatics: Informatics skills - communicating, structu...
Principles of Health Informatics: Informatics skills - communicating, structu...Principles of Health Informatics: Informatics skills - communicating, structu...
Principles of Health Informatics: Informatics skills - communicating, structu...
 
Principles of Health Informatics: Models, information, and information systems
Principles of Health Informatics: Models, information, and information systemsPrinciples of Health Informatics: Models, information, and information systems
Principles of Health Informatics: Models, information, and information systems
 
Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...Using AI to understand how preventative interventions can improve the health ...
Using AI to understand how preventative interventions can improve the health ...
 
Using Microservices to Design Patient-facing Research Software
Using Microservices to Design Patient-facing Research SoftwareUsing Microservices to Design Patient-facing Research Software
Using Microservices to Design Patient-facing Research Software
 
Using CWL to support EHR-based phenotyping
Using CWL to support EHR-based phenotypingUsing CWL to support EHR-based phenotyping
Using CWL to support EHR-based phenotyping
 
Phenoflow: An Architecture for Computable Phenotypes
Phenoflow: An Architecture for Computable PhenotypesPhenoflow: An Architecture for Computable Phenotypes
Phenoflow: An Architecture for Computable Phenotypes
 
Phenoflow 2021
Phenoflow 2021Phenoflow 2021
Phenoflow 2021
 
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvItCOVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
COVID-19 Analytics in Jupyter: Intuitive Provenance Integration using ProvIt
 
Using computable phenotypes in point of care clinical trial recruitment
Using computable phenotypes in point of care clinical trial recruitmentUsing computable phenotypes in point of care clinical trial recruitment
Using computable phenotypes in point of care clinical trial recruitment
 

Kürzlich hochgeladen

❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
Nitya salvi
 
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
ssuser79fe74
 
Introduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptxIntroduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptx
Bhagirath Gogikar
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Sérgio Sacani
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
PirithiRaju
 
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET
 
Bacterial Identification and Classifications
Bacterial Identification and ClassificationsBacterial Identification and Classifications
Bacterial Identification and Classifications
Areesha Ahmad
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
kantirani197
 

Kürzlich hochgeladen (20)

GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)GBSN - Microbiology (Unit 1)
GBSN - Microbiology (Unit 1)
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)GBSN - Microbiology (Unit 2)
GBSN - Microbiology (Unit 2)
 
STS-UNIT 4 CLIMATE CHANGE POWERPOINT PRESENTATION
STS-UNIT 4 CLIMATE CHANGE POWERPOINT PRESENTATIONSTS-UNIT 4 CLIMATE CHANGE POWERPOINT PRESENTATION
STS-UNIT 4 CLIMATE CHANGE POWERPOINT PRESENTATION
 
pumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit flypumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit fly
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)
 
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
Chemical Tests; flame test, positive and negative ions test Edexcel Internati...
 
Introduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptxIntroduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptx
 
module for grade 9 for distance learning
module for grade 9 for distance learningmodule for grade 9 for distance learning
module for grade 9 for distance learning
 
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
 
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune WaterworldsBiogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
Biogenic Sulfur Gases as Biosignatures on Temperate Sub-Neptune Waterworlds
 
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdfPests of cotton_Sucking_Pests_Dr.UPR.pdf
Pests of cotton_Sucking_Pests_Dr.UPR.pdf
 
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
 
Unit5-Cloud.pptx for lpu course cse121 o
Unit5-Cloud.pptx for lpu course cse121 oUnit5-Cloud.pptx for lpu course cse121 o
Unit5-Cloud.pptx for lpu course cse121 o
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
 
Clean In Place(CIP).pptx .
Clean In Place(CIP).pptx .Clean In Place(CIP).pptx .
Clean In Place(CIP).pptx .
 
IDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicineIDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicine
 
Bacterial Identification and Classifications
Bacterial Identification and ClassificationsBacterial Identification and Classifications
Bacterial Identification and Classifications
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
 

Playing Hide-and-Seek: An Abstract Game for Cyber Security

  • 1. PlayingHide-And-Seek: An Abstract Game for Cyber Security 1 Martin Chapman Gareth Tyson Simon Parsons Michael Luck Peter McBurney
  • 2. 2
  • 3. 3
  • 4. Issue:The complexity of research at the intersection of ABM and Cyber Security 3
  • 5. 4
  • 6. 4
  • 7. 4
  • 8. 5
  • 9. 6
  • 10. 6
  • 13. 7
  • 14. 8
  • 15. 8
  • 17. Claim: A number of different Cyber Security problems can be abstracted to a simple game of ‘Hide-And-Seek’ 9
  • 18. Claim: A number of different Cyber Security problems can be abstracted to a simple game of ‘Hide-And-Seek’ . . . therefore . . . We are motivated to explore strategies for seeking (and, ultimately, hiding) in this game. 9
  • 19. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... 10 What is the structure of a H&S game?
  • 20. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... 10 What is the structure of a H&S game?
  • 21. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network 10
  • 22. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider 10
  • 23. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider Seeker 10
  • 24. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Network Hider Seeker 10
  • 25. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 26. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 27. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 28. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 29. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 30. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Seeker 10
  • 31. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Hider Seeker 10
  • 32. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... Assuming no knowledge of an opponent it is intuitive to conceal these objects randomly. Hider Seeker 10
  • 33. Parameters 1. Topology 2. Number of nodes 3. Number of hidden objects “Nature” “AgentProperties” ... In this instance, the best a seeker can do is conduct a random walk. Hider Seeker 10
  • 35. Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] 11
  • 36. Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] - Bug’s in code - Human fallibility - Infrastructure constraints - Perceived ‘secrecy’ of locations 11
  • 37. Sohowcanwestrategise? In reality, hiders (attackers) are either unable or unwillingto express randomness [Rubinstein, 1999] - Bug’s in code - Human fallibility - Infrastructure constraints - Perceived ‘secrecy’ of locations Repeatbehaviour 11
  • 39. Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 v1 v2 v3 v5v1 v4 v1 v6 v7 12
  • 40. Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 12
  • 41. Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 12
  • 42. Hider Seeker 1 v1 v2 v3 2 v5v1 v4 3 v1 v6 v7 4 ? v1 v2 v3 v5v1 v4 v1 v6 v7 v1 12
  • 45. 1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deceptionon the part of the hider? 14
  • 46. 1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 14
  • 47. 15‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject
  • 48. 15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject
  • 49. 15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject If it is costly for a Seeker to employ a non-random strategy, does not need to do so below this amount of bias
  • 50. 15 Bias does not have an impact until ~ b = 45 ‘b’timesmorelikelytoselectanode 8 9 11 12 14 15 0 5 10 15 20 25 30 35 40 45 50 55 60 65 70 75 80 85 90 95 Hider Bias (b) Random Exploit (r = 1) AverageCostofGames(log2) Onlylookingforonehiddenobject Hider can afford to favour a node significantly before his behaviour becomes exploitable by the seeker If it is costly for a Seeker to employ a non-random strategy, does not need to do so below this amount of bias
  • 51. 1. How muchof this bias needs to be exhibited before a hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 16
  • 52. 1. How hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 16
  • 53. 17 Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects
  • 54. 17 Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
  • 55. 17 Little benefit to conducing a search with only partial knowledge Lookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
  • 56. 17 Little benefit to conducing a search with only partial knowledge Good news for the hider again: the number of nodes he can be biased towards, as well as the degree, is highLookingformultiplehiddenobjects 12.0 12.5 13.0 13.5 14.0 14.5 15.0 15.5 16.0 16.5 17.0 0 5 10 15 20 25 30 35 40 45 50 Number of High Probability Nodes Included in Search (r) Random Exploit (0 ≤ r < n) AverageCostofGames(log2) Assume‘perfect’informationonopponent Totalnumberofhiddenobjects Probability information only becomes useful when used to locate almost all hidden objects
  • 57. 1. How hider’s repetitions become exploitable? 2. How many bias nodes need to be included a directed search to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deception 18
  • 58. 1. How hider’s repetitions become exploitable? 2. How to yield maximum performance for the seeker? 3. How should a seeker operate in the face of potential deceptionon the part of the hider? 18
  • 59. 19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit
  • 60. 19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit When we don’t know the portion of objects which are hidden with bias, difficult to strategise against
  • 61. 19 14 15 16 0 5 10 15 20 25 30 35 40 45 50 AverageCostofGames(log2) Number of High Probability Nodes Included in Search (r) Random Exploit When we don’t know the portion of objects which are hidden with bias, difficult to strategise against r is arbitrary; should be symmetrically random
  • 62. 20
  • 63. 1. Results as heuristics; importance of verification 20
  • 64. 1. Results as heuristics; importance of verification 20 2. Impact of parameters
  • 65. 1. Results as heuristics; importance of verification 20 2. Impact of parameters 3. Importance of data-driven simulation
  • 66. 21
  • 67. 1. The performance of both Hiders and Seekers when there are a varying number of items to find. 21
  • 68. 1. The performance of both Hiders and Seekers when there are a varying number of items to find. 21 2. Performance of agents on different topologies (fully connected, so movement not constrained).
  • 69. 22
  • 70. 1. Hiders who are also constrained by the topology. 22
  • 71. 1. Hiders who are also constrained by the topology. 22 2. ‘Intelligent’ hiders who also track seeker’s behaviour, if repetitions exist (i.e. start point).
  • 72. 3. Edge by edge probability scores for boththe Seeker and Hider. 1. Hiders who are also constrained by the topology. 22 2. ‘Intelligent’ hiders who also track seeker’s behaviour, if repetitions exist (i.e. start point).
  • 73. 23
  • 74. 1. Agents with a ‘strategy portfolio’ who are able to switch between these strategies on-the-fly. 23
  • 75. 2. Agents with a self-analysis component, allowing them to judge their own performance, and change strategy as appropriate. 1. Agents with a ‘strategy portfolio’ who are able to switch between these strategies on-the-fly. 23
  • 76. PlayingHide-And-Seek: An Abstract Game for Cyber Security 24 martin.chapman@kcl.ac.uk www.martin-chapman.com